{"id":"CVE-2020-8446","details":"In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to path traversal (with write access) via crafted syscheck messages written directly to the analysisd UNIX domain socket by a local user.","modified":"2026-04-10T04:28:23.562396Z","published":"2020-01-30T01:15:10.993Z","references":[{"type":"ADVISORY","url":"https://github.com/ossec/ossec-hids/issues/1821"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202007-33"},{"type":"ADVISORY","url":"https://www.ossec.net/"},{"type":"EVIDENCE","url":"https://github.com/ossec/ossec-hids/issues/1813"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ossec/ossec-hids","events":[{"introduced":"ec19fd9e712e8ee710ec7d29b9f1476a95913db8"},{"last_affected":"b1d087f83cd9693841f2baeede532397fbfa2d03"}],"database_specific":{"versions":[{"introduced":"2.7"},{"last_affected":"3.5.0"}]}}],"versions":["2.9.0-beta01","2.9.0-beta02","2.9.0-beta03","3.0.0","3.0beta01","3.0beta02","3.0beta03","3.0beta2","3.1.0","3.2.0","3.3.0","3.4.0","3.5.0","snapshot/20150112","v2.7","v2.7.1","v2.8.0","v2.9.0beta05"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-8446.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"}]}